- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Wed, 27 Apr 2011 07:38:31 -0400
- To: public-xg-webid@w3.org
On 4/27/11 6:20 AM, Henry Story wrote:
> Some more changes added to github and placed online here
>
> http://bblfish.net/tmp/2011/04/26/
>
> This covers the last 5 changes from the changelist published here:
>
> https://github.com/bblfish/identity-ws-2011/commits/master
>
> Henry
>
>

Henry,

3.2 Comparison to OpenID

OpenID reduces the account multiplication issue by allowing users to login to every site using the same global identifier. WebID was inspired by OpenID but improves it in a number of meaningful ways:

Protocol simplicity: the WebID protocol is a lot simpler, requiring only one more connection over and above the connection to the requested resource, where the result is cacheable. OpenID requires seven TLS connections, significantly more than WebID. These additional steps create opportunities for denial of service attacks, making it more difficult to secure and to debug.

User-interaction simplicity: OpenID requires the user to remember and type an OpenID URL. WebID hides this in the X509 certificate allowing the browser to offer select-and-click interaction. This is very helpful anywhere, but especially on handheld devices.

These protocol simplifications create a cascade of additional benefits. The most interesting is that by being completely compliant with Web Architecture the trust can be moved from the single Identity Provider to the Web of declared relations between agents, opening the space for much more flexible trust policies and choices by service providers, in line with how business actually gets done.

Nevertheless OpenID and WebID can work well. The OpenID profile can be the WebID Profile. For devices that have not implemented client-side certificates properly yet, OpenID can then be used for authentication.

Why not:

3.2 OpenID

OpenID reduces the account multiplication issue by allowing users to login to every site using the same global identifier. It works well with WebID and provides a base from which WebID is able to deliver the following benefits:

Protocol simplicity: the WebID protocol is a lot simpler, requiring only one more connection over and above the connection to the requested resource, where the result is cacheable. OpenID requires seven TLS connections, significantly more than WebID. These additional steps create opportunities for denial of service attacks, making it more difficult to secure and to debug.

User-interaction simplicity: OpenID requires the user to remember and type an OpenID URL. WebID hides this in the X509 certificate allowing the browser to offer select-and-click interaction. This is very helpful anywhere, but especially on handheld devices.

These protocol simplifications create a cascade of additional benefits. The most interesting is that by being completely compliant with Web Architecture the trust can be moved from the single Identity Provider to a federated Web of declared relations between agents, opening the space for much more flexible trust policies and choices by service providers, in line with how business actually gets done.

An OpenID profile can be a WebID Profile. For devices that have not implemented client-side certificates properly yet, OpenID can also serve as a fallback authentication mechanism.

Note: quick edit, so read through.

--

Regards,

Kingsley Idehen
President & CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen

Received on Wednesday, 27 April 2011 11:38:57 UTC